maintain a chown setting

sde · 12-05-2005, 10:57 AM

i have this dev linux box that i'm using. from the web, i make it run a script that populates a directory.

after the directory gets populated, every file owner:group is set to apache:apache.

the problem here is that the user who's directory these files exist in can not modify the files.

i thought there was a way to set permissions on a directory, so any file recursively gets the same permission, .. but i'm not sure if there is a way to do this with keeping the owner:group the same. is there?

Belisarius · 12-05-2005, 02:34 PM

I'm not following. At first glance, it sounds like you want chown -R, but based off whoever the directory is owned by, which would be an ls/awk script. I must be missing something though . . .

sde · 12-05-2005, 02:42 PM

i worked around it by adding the user to the apache group and apache user to the user's group.

the thing is that this script gets executed on cron by the user. but there is also a web interface that can execute this script at any time.

if the web script executes, all the files in the directory that get generated are apache:apache. note that some files may have to be deleted as well.

so both the apache and the user need to be able to write to any file in these directories.

teknomage1 · 12-05-2005, 08:14 PM

why don't you make the user and apache members of the "web" group? that way you only have to make sure everything is group writable. You could even make the user part of the apache group as long as apache's secure files are only r/w by the apache user not the apache group.

sde · 12-05-2005, 08:22 PM

Quote:

Originally Posted by sde

i worked around it by adding the user to the apache group and apache user to the user's group.

like that?

i'm not sure i have a 'web' group. isn't that what the apache group is?

after the files get created, i chmod 775, so no matter if the user, or apache runs it next time, they can be written over.

teknomage1 · 12-05-2005, 08:35 PM

damn must be the la smog getting to me...I've grown blind.

EDIT Whoa don't make 'em executable if you don't trust your web users. You can open yyourself up for exploits.

sde · 12-05-2005, 08:49 PM

well it's a local internal dev box at work, so i'm not really concerned about the users. i don't think it really matters anyway since they are php files can be executed by pulling them up in the browser.

how is it so far , .. besides the smog?

teknomage1 · 12-05-2005, 09:54 PM

It's actually really cool, if a bit pricy, here. But work is awesome. I get two free meals a day and great health benefits. And the place is 100 percent linux. Really, it's my dream job.